From: | emad al-mousa <emadalmousa2002(at)yahoo(dot)com> |
---|---|
To: | "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
Subject: | DoS Vulnerability |
Date: | 2024-05-14 16:18:15 |
Message-ID: | 2011067370.2392963.1715703495829@mail.yahoo.com |
Lists: | pgsql-bugs |
Hello,
In the documentation: 5.7. Privileges
“For other types of objects, the default privileges granted to PUBLIC are as follows: CONNECT and TEMPORARY (create temporary tables) privileges for databases; EXECUTE privilege for functions and procedures; and USAGE privilege for languages and data types (including domains). The object owner can, of course, REVOKE both default and expressly granted privileges. (For maximum security, issue the REVOKE in the same transaction that creates the object; then there is no window in which another user can use the object.)”
By default any role/user in PostgreSQL can connect to "ANY" database in the cluster, so even though the account can only connect, the account can still create temporary objects (for example a temporary table). This table will be created in the default tablespace of the database it is associated with... it will consume the space until it exhausts it.... This means an application performing bulk writes will face problems inserting data. Keeping CONNECT permission granted to PUBLIC by default in PostgreSQL is opening a wide security hole that shouldn't exist in the first place. I strongly believe this should be patched and CONNECT permission should be revoked from PUBLIC in all databases and in the template1 database (the base database from which DBs are created).
The account donald, which is defined in the pg_hba.conf file to authenticate against the postgres database as shown below, will be able to connect to the "odsdb" database, exhaust the tablespace and cause a denial of service.
```
$ /usr/pgsql-15/bin/psql -h localhost -U donald -d postgres -W
Password:
psql (15.6)
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, compression: off)
Type "help" for help.

postgres=> \c odsdb
Password:
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, compression: off)
You are now connected to database "odsdb" as user "donald".
odsdb=> create temporary table tempo as select * from generate_series(1,1000000000000000000000000000000000000);
ERROR:  could not write to file "pg_tblspc/16389/PG_15_202209061/pgsql_tmp/pgsql_tmp7557.7": No space left on device
```
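The following SQL is an added example, not part of the report above: it is what a DBA would run as a superuser to audit and close the default PUBLIC grants the message describes. The database names odsdb and template1 and the role donald come from the report; the application role ods_app is an assumed placeholder.

```sql
-- Added example (not from the report): audit and revoke the PUBLIC database
-- privileges described above. Run as a superuser.

-- 1. Audit. A NULL datacl means the database still carries PostgreSQL's
--    built-in default ACL, which implicitly grants CONNECT and TEMP to PUBLIC.
--    has_database_privilege() accepts 'public' as the role name.
SELECT datname,
       datacl IS NULL                                       AS default_acl,
       has_database_privilege('public', datname, 'CONNECT') AS public_connect,
       has_database_privilege('public', datname, 'TEMP')    AS public_temp
FROM   pg_database
WHERE  datallowconn            -- skips template0, which cannot be connected to
ORDER  BY datname;

-- 2. Close the hole on the database from the report and on template1.
REVOKE CONNECT, TEMPORARY ON DATABASE odsdb     FROM PUBLIC;
REVOKE CONNECT, TEMPORARY ON DATABASE template1 FROM PUBLIC;

-- 3. Grant back only what each application role needs (ods_app is an
--    assumed placeholder). TEMPORARY is deliberately not re-granted.
GRANT CONNECT ON DATABASE odsdb TO ods_app;

-- 4. Defence in depth for roles that may still connect: temp_file_limit caps
--    the per-session temporary files (sorts, hashes, materialised set-returning
--    functions) that produced the "pgsql_tmp/..." error in the report. It does
--    not bound the on-disk size of temporary tables themselves, so it
--    complements the REVOKE rather than replacing it.
ALTER ROLE donald SET temp_file_limit = '1GB';

-- 5. A database created later starts with the default ACL again; CREATE
--    DATABASE does not copy template1's datacl. Re-run step 2 for each new
--    database and confirm with the audit query in step 1.
```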